<!DOCTYPE html>
<!-- saved from url=(0033)http://www.mottoin.com/87386.html -->
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<link rel="dns-prefetch" href="http://apps.bdimg.com/">
<meta http-equiv="X-UA-Compatible" content="IE=11,IE=10,IE=9,IE=8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=0, minimum-scale=1.0, maximum-scale=1.0">
<meta name="apple-mobile-web-app-title" content="MottoIN">
<meta http-equiv="Cache-Control" content="no-siteapp">
<title>绕过限制上传文件总结-MottoIN</title>
<link rel="https://api.w.org/" href="http://www.mottoin.com/wp-json/">
<link rel="prev" title="动手实现代码虚拟机" href="http://www.mottoin.com/87374.html">
<link rel="next" title="PenTBox 简易蜜罐的设置" href="http://www.mottoin.com/87417.html">
<link rel="canonical" href="http://www.mottoin.com/87386.html">
<link rel="shortlink" href="http://www.mottoin.com/?p=87386">
<link rel="alternate" type="application/json+oembed" href="http://www.mottoin.com/wp-json/oembed/1.0/embed?url=http%3A%2F%2Fwww.mottoin.com%2F87386.html">
<link rel="alternate" type="text/xml+oembed" href="http://www.mottoin.com/wp-json/oembed/1.0/embed?url=http%3A%2F%2Fwww.mottoin.com%2F87386.html&amp;format=xml">
<meta name="keywords" content="JS验证实例, 上传漏洞, 上传绕过, 双重后缀名, 安全靶场, 文件重写, 渗透测试进阶, 特殊后缀名, 过滤绕过, Web安全, 技术控">
<meta name="description" content="*作者：Blood_Zer0 &amp; re4lity   0x00 上传漏洞 文件上传漏洞：用户上传了一个可执行的脚本文件，并通过此文件获取了执行服务端命令的能力。   	A、 允许直接上传脚本文件：php、jsp、aspx……  	B、 解析漏洞：IIS、Apache、Tomcat……    解析漏洞总结：  https://jiji262.githu">
<script async="" data-requirecontext="_" data-requiremodule="main" src="./绕过限制上传文件总结-MottoIN_files/main.js.下载"></script><script src="./绕过限制上传文件总结-MottoIN_files/share.js.下载"></script><script async="" data-requirecontext="_" data-requiremodule="lazyload" src="./绕过限制上传文件总结-MottoIN_files/lazyload.min.js.下载"></script><script async="" data-requirecontext="_" data-requiremodule="signpop" src="./绕过限制上传文件总结-MottoIN_files/signpop.js.下载"></script><script async="" data-requirecontext="_" data-requiremodule="comment" src="./绕过限制上传文件总结-MottoIN_files/comment.js.下载"></script><link href="./绕过限制上传文件总结-MottoIN_files/share.css" rel="styleSheet" type="text/css"></head>
<body class="single single-post postid-87386 single-format-standard nav_fixed p_indent comment-open site-layout-2" style="position: static;">
</div><section class="container">
<div class="content-wrap">
<div class="content">
<header class="article-header">
<h1 class="article-title"><a href="http://www.mottoin.com/87386.html">绕过限制上传文件总结</a></h1>
<div class="article-meta">
<span class="item">2016-08-17</span>
<span class="item">分类：<a href="http://www.mottoin.com/article/web" rel="category tag">Web安全</a> / <a href="http://www.mottoin.com/tech" rel="category tag">技术控</a></span>
<span class="item post-views">阅读(2768)</span> <span class="item">评论(0)</span>
<span class="item"></span>
</div>
</header>
<article class="article-content">
<p style="text-align: center;"><span style="color: #ff0000;">*作者：Blood_Zer0 &amp; re4lity</span></p>
<p style="text-align: center;">
</p><h2>0x00 上传漏洞</h2>
<p>文件上传漏洞：攻击者能够上传一个可被服务端解析执行的脚本文件（或一个能借助解析漏洞/服务器配置被当作脚本执行的文件），且该文件被保存在 Web 可访问的路径下，从而获得在服务端执行命令的能力。常见成因有以下两类：</p>
<ul>
<li>A、 允许直接上传脚本文件：php、jsp、aspx……</li>
<li>B、 解析漏洞：IIS、Apache、Tomcat……</li>
</ul>
<p><img class="alignnone size-full wp-image-87387" src="./绕过限制上传文件总结-MottoIN_files/1-51.png" alt="1" width="630" height="255" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/1-51.png 630w, http://img.mottoin.com/wp-content/uploads/2016/08/1-51-300x121.png 300w" sizes="(max-width: 630px) 100vw, 630px" data-tag="bdshare"></p>
<p>解析漏洞总结：</p>
<p>https://jiji262.github.io/wooyun_articles/drops/%E8%A7%A3%E6%9E%90%E6%BC%8F%E6%B4%9E%E6%80%BB%E7%BB%93.html</p>
<h2>0x01 上传漏洞绕过</h2>
<h3>前端检测</h3>
<p><img class="alignnone size-full wp-image-88883" src="./绕过限制上传文件总结-MottoIN_files/1-96.png" alt="1" width="998" height="524" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/1-96.png 998w, http://img.mottoin.com/wp-content/uploads/2016/08/1-96-300x158.png 300w, http://img.mottoin.com/wp-content/uploads/2016/08/1-96-768x403.png 768w" sizes="(max-width: 998px) 100vw, 998px" data-tag="bdshare"></p>
<p>绕过限制</p>
<p>A、在浏览器中（Firebug 或开发者工具）禁用 JavaScript。前端 JS 校验只是用户体验层面的限制，客户端完全受攻击者控制，任何只在前端做的检查都可以被绕过，因此服务端必须独立完成校验。</p>
<p><img class="alignnone size-full wp-image-87389" src="./绕过限制上传文件总结-MottoIN_files/3-42.png" alt="3" width="777" height="447" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/3-42.png 777w, http://img.mottoin.com/wp-content/uploads/2016/08/3-42-300x173.png 300w, http://img.mottoin.com/wp-content/uploads/2016/08/3-42-768x442.png 768w" sizes="(max-width: 777px) 100vw, 777px" data-tag="bdshare"></p>
<p><img class="alignnone size-full wp-image-87390" src="./绕过限制上传文件总结-MottoIN_files/4-38.png" alt="4" width="777" height="447" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/4-38.png 777w, http://img.mottoin.com/wp-content/uploads/2016/08/4-38-300x173.png 300w, http://img.mottoin.com/wp-content/uploads/2016/08/4-38-768x442.png 768w" sizes="(max-width: 777px) 100vw, 777px" data-tag="bdshare"></p>
<p>B、firebug修改允许上传类型</p>
<p><img class="alignnone size-full wp-image-87391" src="./绕过限制上传文件总结-MottoIN_files/5-28.png" alt="5" width="696" height="503" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/5-28.png 696w, http://img.mottoin.com/wp-content/uploads/2016/08/5-28-300x217.png 300w" sizes="(max-width: 696px) 100vw, 696px" data-tag="bdshare"></p>
<p>C、使用 Burp 绕过：先选择一个扩展名合法的文件（如 evil.jpg）通过前端校验，再在 Burp 中拦截上传请求，把 filename 改回 evil.php 后放行。</p>
<p>D、本地构造html代码</p>
<p><img class="alignnone size-full wp-image-87392" src="./绕过限制上传文件总结-MottoIN_files/6-24.png" alt="6" width="619" height="124" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/6-24.png 619w, http://img.mottoin.com/wp-content/uploads/2016/08/6-24-300x60.png 300w" sizes="(max-width: 619px) 100vw, 619px" data-tag="bdshare"></p>
<h3>后端检测-MIME</h3>
<p><img class="alignnone size-full wp-image-87393" src="./绕过限制上传文件总结-MottoIN_files/7-17.png" alt="7" width="619" height="385" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/7-17.png 619w, http://img.mottoin.com/wp-content/uploads/2016/08/7-17-300x187.png 300w" sizes="(max-width: 619px) 100vw, 619px" data-tag="bdshare"></p>
<p><img class="alignnone size-full wp-image-87394" src="./绕过限制上传文件总结-MottoIN_files/8-19.png" alt="8" width="858" height="566" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/8-19.png 858w, http://img.mottoin.com/wp-content/uploads/2016/08/8-19-300x198.png 300w, http://img.mottoin.com/wp-content/uploads/2016/08/8-19-768x507.png 768w" sizes="(max-width: 858px) 100vw, 858px" data-tag="bdshare"></p>
<p>修改为：</p>
<p><img class="alignnone size-full wp-image-87395" src="./绕过限制上传文件总结-MottoIN_files/9-16.png" alt="9" width="969" height="496" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/9-16.png 969w, http://img.mottoin.com/wp-content/uploads/2016/08/9-16-300x154.png 300w, http://img.mottoin.com/wp-content/uploads/2016/08/9-16-768x393.png 768w" sizes="(max-width: 969px) 100vw, 969px" data-tag="bdshare"></p>
<p><img class="alignnone size-full wp-image-87396" src="./绕过限制上传文件总结-MottoIN_files/10-9.png" alt="10" width="936" height="261" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/10-9.png 936w, http://img.mottoin.com/wp-content/uploads/2016/08/10-9-300x84.png 300w, http://img.mottoin.com/wp-content/uploads/2016/08/10-9-768x214.png 768w" sizes="(max-width: 936px) 100vw, 936px" data-tag="bdshare"></p>
<p><img class="alignnone size-full wp-image-87397" src="./绕过限制上传文件总结-MottoIN_files/11-10.png" alt="11" width="658" height="127" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/11-10.png 658w, http://img.mottoin.com/wp-content/uploads/2016/08/11-10-300x58.png 300w" sizes="(max-width: 658px) 100vw, 658px" data-tag="bdshare"></p>
<p>HTTP Content-type 对照表：http://tool.oschina.net/commons</p>
<h3>后端检测-文件头</h3>
<p><img class="alignnone size-full wp-image-87398" src="./绕过限制上传文件总结-MottoIN_files/12-5.png" alt="12" width="619" height="425" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/12-5.png 619w, http://img.mottoin.com/wp-content/uploads/2016/08/12-5-300x206.png 300w, http://img.mottoin.com/wp-content/uploads/2016/08/12-5-220x150.png 220w" sizes="(max-width: 619px) 100vw, 619px" data-tag="bdshare"></p>
<p>对于文件头（magic number）的检测，可以使用 jpg 图片马来绕过：在脚本内容前拼接一个合法图片的文件头，或把脚本追加到一张真实图片之后。需要注意的是，文件头检测只校验文件开头的若干字节，并不能证明整个文件是图片；而图片马本身仍需配合解析漏洞、文件包含或下文的 .htaccess 重写等方式才能被当作脚本执行。防御侧可以对上传的图片做二次渲染（重新生成图片），这通常会破坏嵌入其中的脚本内容。</p>
<h3>后端检测-文件扩展名</h3>
<h3>白名单</h3>
<p><img class="alignnone size-full wp-image-87399" src="./绕过限制上传文件总结-MottoIN_files/13-7.png" alt="13" width="619" height="505" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/13-7.png 619w, http://img.mottoin.com/wp-content/uploads/2016/08/13-7-300x245.png 300w" sizes="(max-width: 619px) 100vw, 619px" data-tag="bdshare"></p>
<h3>白名单</h3>
<p><img class="alignnone size-full wp-image-87400" src="./绕过限制上传文件总结-MottoIN_files/14-7.png" alt="14" width="618" height="506" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/14-7.png 618w, http://img.mottoin.com/wp-content/uploads/2016/08/14-7-300x246.png 300w" sizes="(max-width: 618px) 100vw, 618px" data-tag="bdshare"></p>
<p>黑名单与白名单的绕过通常需要配合解析漏洞：白名单只放行固定的几种扩展名，单靠修改文件名很难绕过，一般要依赖服务器/中间件的解析漏洞（见 0x00 中的解析漏洞总结）或下文的 .htaccess 重写；黑名单则还可以尝试下文“其它方式”中的大小写、双写、特殊后缀等手段。从防御角度，应采用白名单并由服务端统一重命名文件，而不是依赖黑名单过滤。</p>
<p>案例分析：http://www.myhack58.com/Article/html/2/5/2014/44712.htm</p>
<h3>目录禁止执行</h3>
<p>在上传目录中新建目录：如果上传目录被配置为禁止执行脚本，但攻击者仍然拥有在其中创建子目录的权限（例如上传接口允许指定保存路径），并且“禁止执行”的配置只作用于该目录本身、不会被子目录继承，那么在新建的子目录中上传的脚本就可能被执行。因此禁止执行的配置应递归作用于整个上传目录，更稳妥的做法是把上传文件保存在 Web 根目录之外。</p>
<p><img class="alignnone size-full wp-image-87401" src="./绕过限制上传文件总结-MottoIN_files/15-6.png" alt="15" width="741" height="269" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/15-6.png 741w, http://img.mottoin.com/wp-content/uploads/2016/08/15-6-300x109.png 300w" sizes="(max-width: 741px) 100vw, 741px" data-tag="bdshare"></p>
<p>案例分析：http://www.2cto.com/Article/201311/257408.html</p>
<h3>双文件上传</h3>
<p>通常用于 ASP 程序绕过限制中。其原理一般是：表单中包含两个文件域，服务端只对第一个文件域做合法性检测，却把两个文件都保存了下来。</p>
<p><img class="alignnone size-full wp-image-87402" src="./绕过限制上传文件总结-MottoIN_files/16-6.png" alt="16" width="1337" height="202" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/16-6.png 1337w, http://img.mottoin.com/wp-content/uploads/2016/08/16-6-300x45.png 300w, http://img.mottoin.com/wp-content/uploads/2016/08/16-6-768x116.png 768w, http://img.mottoin.com/wp-content/uploads/2016/08/16-6-1024x155.png 1024w" sizes="(max-width: 1337px) 100vw, 1337px" data-tag="bdshare"></p>
<p>第一个上传选择正常的jpg图片，第2个选择我们的马，上传突破</p>
<h3>重写解析规则</h3>
<p>上传覆盖 .htaccess 文件，重写解析规则，将上传的带有脚本马的图片以脚本方式解析。该方法仅对 Apache、且上传目录允许 .htaccess 覆盖配置（AllowOverride 开启）的环境有效。</p>
<p><img class="alignnone size-full wp-image-87403" src="./绕过限制上传文件总结-MottoIN_files/17-3.png" alt="17" width="341" height="57" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/17-3.png 341w, http://img.mottoin.com/wp-content/uploads/2016/08/17-3-300x50.png 300w" sizes="(max-width: 341px) 100vw, 341px" data-tag="bdshare"></p>
<p>在可以上传 .htaccess 文件时，先上传 .htaccess 文件，覆盖掉原先的 .htaccess 文件；再上传【evil.gif】文件。使用图中的 .htaccess 语句，即可将【evil.gif】文件以 php 脚本方式解析。防御上应在服务器配置中对上传目录设置 AllowOverride None，并禁止上传以点号开头的文件名。</p>
<h3>其它方式</h3>
<p>部分开发者实现的上传文件合法性检测逻辑并不完善（黑名单不完整、未做大小写归一化、用“替换”代替“拒绝”等），导致可以找到方式绕过其检测。</p>
<h3>1. 后缀名大小写绕过</h3>
<p>用于只过滤小写脚本后缀名（如 php）而未做大小写归一化的场合；在 Windows 等文件名不区分大小写的环境下，服务器仍会把 evil.Php 当作 php 脚本解析。检测时应先把扩展名统一转为小写再比较。</p>
<p><img class="alignnone size-full wp-image-87404" src="./绕过限制上传文件总结-MottoIN_files/bypass_upload_4-1024x485.png" alt="bypass_upload_4-1024x485" width="762" height="485" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/bypass_upload_4-1024x485.png 762w, http://img.mottoin.com/wp-content/uploads/2016/08/bypass_upload_4-1024x485-300x191.png 300w" sizes="(max-width: 762px) 100vw, 762px" data-tag="bdshare"></p>
<p>例如:将Burpsuite截获的数据包中的文件名【evil.php】改为【evil.Php】</p>
<h3>2. 双写后缀名绕过</h3>
<p>用于将文件名中的“php”字符串一次性删除（而非循环/递归过滤，更非直接拒绝）的场合；</p>
<p><img class="alignnone size-full wp-image-87405" src="./绕过限制上传文件总结-MottoIN_files/18-2.png" alt="18" width="681" height="517" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/18-2.png 681w, http://img.mottoin.com/wp-content/uploads/2016/08/18-2-300x228.png 300w" sizes="(max-width: 681px) 100vw, 681px" data-tag="bdshare"></p>
<p>例如：上传时将 Burpsuite 截获的数据包中的文件名【evil.php】改为【evil.pphphp】，那么过滤掉中间的“php”字符串后，开头的“p”和结尾的“hp”又重新拼成了【php】。正确的做法是检测不通过时直接拒绝上传，而不是替换后继续保存。</p>
<h3>3. 特殊后缀名绕过</h3>
<p>用于检测文件合法性的脚本存在疏漏（黑名单不完整、未处理文件名末尾的空格或点号）的场合；</p>
<p><img class="alignnone size-full wp-image-87406" src="./绕过限制上传文件总结-MottoIN_files/19-3.png" alt="19" width="690" height="506" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/19-3.png 690w, http://img.mottoin.com/wp-content/uploads/2016/08/19-3-300x220.png 300w" sizes="(max-width: 690px) 100vw, 690px" data-tag="bdshare"></p>
<p>例如：将 Burpsuite 截获的数据包中的【evil.php】改为【evil.php6】（php3/php4/php5/phtml 等后缀在部分 Apache 配置下同样会被当作 PHP 解析），或加个空格改为【evil.php 】等（Windows 在保存文件时会自动去掉文件名末尾的空格和点号，而按原始文件名比较的黑名单不会命中）。</p>
<h2>0x02 资料</h2>
<p>整理了两篇文件上传方面的文档分享给大家《Upload Attack Framework》and 《Bypass Upload Validation Framework V0.9》</p>
<p>文档主要介绍了上传漏洞的利用，涉及客户端验证绕过，服务器端上传验证绕过，Content-Type检测，.htaccess文件攻击，apache文件名解析漏洞等，”只要一个上传点，便能搞定整个服务器。”，虽然有点夸张，但可见上传漏洞在web应用安全中的严重程度。</p>
<p><img class="alignnone size-full wp-image-87407" src="./绕过限制上传文件总结-MottoIN_files/20-2.png" alt="20" width="536" height="537" srcset="http://img.mottoin.com/wp-content/uploads/2016/08/20-2.png 536w, http://img.mottoin.com/wp-content/uploads/2016/08/20-2-150x150.png 150w, http://img.mottoin.com/wp-content/uploads/2016/08/20-2-300x300.png 300w" sizes="(max-width: 536px) 100vw, 536px" data-tag="bdshare"></p>
<h3>Upload Attack Framework下载</h3>
<p><a href="http://www.mottoin.com/wp-content/uploads/2016/08/Upload_Attack_Framework.pdf">Upload_Attack_Framework</a></p>
<h3>Bypass Upload Validation Framework 下载</h3>
<p><a href="http://www.mottoin.com/wp-content/uploads/2016/08/Bypass-Upload-Validation-Framework-.pdf">Bypass Upload Validation Framework</a></p>
<p>&nbsp;</p>
<p style="text-align: center;">*作者：Blood_Zer0 &amp; re4lity，未经许可不得转载。</p>
<p class="post-copyright">未经允许不得转载：<a href="http://www.mottoin.com/">MottoIN</a> » <a href="http://www.mottoin.com/87386.html">绕过限制上传文件总结</a></p> </article>
<div class="article-tags">标签：<a href="http://www.mottoin.com/tag/js%e9%aa%8c%e8%af%81%e5%ae%9e%e4%be%8b" rel="tag">JS验证实例</a><a href="http://www.mottoin.com/tag/%e4%b8%8a%e4%bc%a0%e6%bc%8f%e6%b4%9e" rel="tag">上传漏洞</a><a href="http://www.mottoin.com/tag/%e4%b8%8a%e4%bc%a0%e7%bb%95%e8%bf%87" rel="tag">上传绕过</a><a href="http://www.mottoin.com/tag/%e5%8f%8c%e9%87%8d%e5%90%8e%e7%bc%80%e5%90%8d" rel="tag">双重后缀名</a><a href="http://www.mottoin.com/tag/%e5%ae%89%e5%85%a8%e9%9d%b6%e5%9c%ba" rel="tag">安全靶场</a><a href="http://www.mottoin.com/tag/%e6%96%87%e4%bb%b6%e9%87%8d%e5%86%99" rel="tag">文件重写</a><a href="http://www.mottoin.com/tag/%e6%b8%97%e9%80%8f%e6%b5%8b%e8%af%95%e8%bf%9b%e9%98%b6" rel="tag">渗透测试进阶</a><a href="http://www.mottoin.com/tag/%e7%89%b9%e6%ae%8a%e5%90%8e%e7%bc%80%e5%90%8d" rel="tag">特殊后缀名</a><a href="http://www.mottoin.com/tag/%e8%bf%87%e6%bb%a4%e7%bb%95%e8%bf%87" rel="tag">过滤绕过</a></div>
</div>
</div>
浏览器那个建议你在执行文件倒数第二行那个地方，加个--allow-root那个玩意。打不开就再加一个--no-sandbox。不然还得切换用户好烦。</a></li></ul></div><div class="widget widget_ui_readers"><h3>活跃读者</h3><ul><li><a title="[seceditor] 近期点评13次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/10/b7dda076jw1f61hhx6e9ij20hs0hsjro_meitu_1-150x150.jpg" width="50" height="50" alt="SecPaper" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 alignnone photo" src="./绕过限制上传文件总结-MottoIN_files/b7dda076jw1f61hhx6e9ij20hs0hsjro_meitu_1-150x150.jpg" style="display: inline;"></a></li><li><a title="[muxi_] 近期点评8次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[xiaowangzi] 近期点评6次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[muxi_jing] 近期点评3次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[Hypnos] 近期点评2次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/head-1-150x150.jpg" width="50" height="50" alt="Hypnos" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 alignnone photo" src="./绕过限制上传文件总结-MottoIN_files/head-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[petit] 近期点评2次" 
target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[coulon_x] 近期点评2次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[SecPaper] 近期点评2次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/10/b7dda076jw1f61hhx6e9ij20hs0hsjro_meitu_1-150x150.jpg" width="50" height="50" alt="SecPaper" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 alignnone photo" src="./绕过限制上传文件总结-MottoIN_files/b7dda076jw1f61hhx6e9ij20hs0hsjro_meitu_1-150x150.jpg" style="display: inline;"></a></li><li><a title="[Tower] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[cys] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[隔壁老王] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar 
wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[robert] 近期点评1次" target="_blank" href="http://www.mottoin.com/"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/08/97d9c523679c8d5953914b6dfbff53b0-150x150.jpg" width="50" height="50" alt="robert" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 alignnone photo" src="./绕过限制上传文件总结-MottoIN_files/97d9c523679c8d5953914b6dfbff53b0-150x150.jpg" style="display: inline;"></a></li><li><a title="[drop] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[伟爷] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[XXX] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[justplay] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[盐是咸咸的甜] 近期点评1次" target="_blank" href="javascript:;"><img 
data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[梧桐] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[rainism] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[dsddd] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[独自等待] 近期点评1次" target="_blank" href="http://www.waitalone.cn/"><img data-src="http://cn.gravatar.com/avatar/5d5556a7749617062d9460a6c43bbd1a?s=50&amp;d=http%3A%2F%2Fwww.mottoin.com%2Fwp-content%2Fthemes%2Fdux%2Fimg%2Favatar-default.png&amp;r=g" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/5d5556a7749617062d9460a6c43bbd1a" style="display: inline;"></a></li><li><a title="[The little prince] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 
wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[nainailwkk] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[m09046105] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[atiger77] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[passenger] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[k1dd1me] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[hero] 近期点评1次" target="_blank" href="javascript:;"><img 
data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[Redy] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://cn.gravatar.com/avatar/47962c7c8c5d1ced6e6dad7e572ff50a?s=50&amp;d=http%3A%2F%2Fwww.mottoin.com%2Fwp-content%2Fthemes%2Fdux%2Fimg%2Favatar-default.png&amp;r=g" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/47962c7c8c5d1ced6e6dad7e572ff50a" style="display: inline;"></a></li><li><a title="[bzw] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[cloudstar] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li><li><a title="[mmc] 近期点评1次" target="_blank" href="javascript:;"><img data-src="http://img.mottoin.com/wp-content/uploads/2016/07/未标题-1-150x150.jpg" width="50" height="50" alt="" class="avatar avatar-50 wp-user-avatar wp-user-avatar-50 photo avatar-default" src="./绕过限制上传文件总结-MottoIN_files/未标题-1-150x150.jpg" style="display: inline;"></a></li></ul></div></aside></section>
